How is it possible to access memory of other processes?

I thought that one process cannot read the memory of other processes. But I'm shocked to see an application named "WinHex" which has "RAM Editor" and it is able to access the entire memory. Of all the processes.

How is that possible? And开发者_如何学Python it is even able to modify the memory of other processes. Doesn't this become malicious?

In all likelyhood, the tool uses ReadProcessMemory or some variant, which requires PROCESS_VM_READ access.

With respect to your "malicious" comment, remember that you (or the process invoking this API, which likely needs Administrator-level permissions) already has total control over the machine. The security game is already lost at this point.

Well, that's one of the things a process with the right privileges, granted by the operating system, can do. Processes cannot access other processes' memory in principle. In practice the underlying operating system usually offers this mechanism to privileged processes.

Accessing other process' memory is a piece of cake.
You can even use Windows Driver Kit to access and modify everything.

Check out for example rootkits to see how fragile is the OS when you don't restrict programs' privileges.

If you're running as Administrator, you can obtain privileges to read all of memory; it seems that WinHex is doing this on your behalf.

Have you tried this on a more restricted account?

I think it uses some DLL injection technique.

See http://en.wikipedia.org/wiki/DLL_injection for more information